HelloID incident

Important Security Update: Polyfill.io Supply Chain Attack

Notice Resolved View vendor source →

HelloID experienced a notice incident on June 27, 2024 affecting Provisioning and Provisioning and 1 more component, lasting 22h 36m. The incident has been resolved; the full update timeline is below.

Started
Jun 27, 2024, 08:13 AM UTC
Resolved
Jun 28, 2024, 06:50 AM UTC
Duration
22h 36m
Detected by Pingoru
Jun 27, 2024, 08:13 AM UTC

Affected components

ProvisioningProvisioningProvisioningService AutomationService AutomationService AutomationAccess ManagementAccess ManagementAccess Management

Update timeline

  1. monitoring Jun 27, 2024, 08:13 AM UTC

    Due to the polyfill.io supply chain attack, we conducted an investigation and have confirmed that we no longer use the CDN or have any references to polyfill.io. Therefore we do not see any risk related to HelloID. Although many measures have already been taken, we advise removing any whitelists for this domain and monitoring other applications for usage polyfill.io just to be safe.

  2. resolved Jun 28, 2024, 06:50 AM UTC

    This notification will be archived.